Apple antitrust drama headlined this year’s IAPP privacy event

By Mark Sullivan

April 13, 2022

Politics loomed large over this week’s Global Privacy Summit in Washington, D.C.

The annual training and networking event, hosted by the International Association of Privacy Professionals (IAPP), carried some added political buzz as regulators in the U.S. and Europe edge closer to passing major regulation to reign in big tech companies.

Apple’s Tim Cook, Microsoft’s Brad Smith, Federal Trade Commission (FTC) chair Lina Khan, and European Commissioner for Justice Didier Reynders, each got a turn at the mic, and each seemed to address a wider audience than just the privacy-minded people in the room.

In the U.S., personal data plays a big role in antitrust regulation—it is the commodity upon which big operators build monopoly power. Platforms, such as Apple, Google, Meta/Facebook, and Amazon, have greater access to mountains of user information, and can use that data dominance as a bulwark against competitive threats from smaller companies.

Congress has so far failed to pass comprehensive legislation to protect Americans from the data-harvesting practices of tech companies, large and small, and the entire ecosystem of data brokerages and specialty data shops that trade in personal data of all kinds. But Congress is closer to passing landmark antitrust legislation that would break up the data and marketplace monopolies of big U.S. tech companies. Both the House and the Senate have advanced versions of the Open App Markets Act, which would compel Apple to allow iDevice users to “sideload” apps from marketplaces other than the App Store.

Apple’s Tim Cook used his keynote address Tuesday to rail against the legislation, arguing that antitrust regulation aimed at app stores could endanger the privacy and security of millions of iPhone and iPad users.

“That means data-hungry companies would be able to avoid our privacy rules, and once again track our users against their will,” he said during the keynote Tuesday. “It would also potentially give bad actors a way around the comprehensive security protections we’ve put in place, putting them in direct contact with our users.”

If the Open App Markets Act passes, the experience of installing apps on an iPhone might become more like that of downloading apps on a Mac, which has an App Store but also permits you to install apps outside of it—sometimes with dialog boxes warning of potential security risks. Experts believe that Apple may be able to isolate and scan apps from third-party app stores for security or privacy risks.

Not everybody was convinced that Cook was speaking in good faith. “Apple is arguing that antitrust laws will be bad for privacy and national security,” tweeted Rep. Ken Buck of Colorado, top GOP member of the House Judiciary’s antitrust panel. “Apple clearly doesn’t care about your privacy . . . Apple *only* cares about Apple,” Buck added. Buck is one of the sponsors of the House version of the Open App Markets Act. He made headlines early this month by predicting that Congress will indeed pass antitrust legislation covering app stores this summer.

Khan, who was sworn in as FTC chair last June, made a name for herself  by publishing groundbreaking work on tech antitrust while a law student at Harvard in 2017. In short, she energized a school of thought saying that competitiveness in tech markets must be measured not only by low consumer prices, but also by the markets’ capacity to accommodate new entrants with fresh ideas.

During her IAPP keynote, she spoke mainly about the FTC’s efforts to reign in companies that illegally harvest user data. But she made clear that her agency is also looking at privacy through the lens of antitrust.

“Given the intersecting ways in which wide-scale data collection and commercial surveillance practices can facilitate violations of both consumer protection and antitrust laws, we are keen to marshal our expertise in both areas,” Khan said, “to ensure we are grasping the full implications of particular business conduct and strategies.”

In late March, the European Parliament and the 27 EU countries agreed on a package of antitrust regulations called the Digital Markets Act, which would rein in the power of big tech “gatekeepers” (including those that control app stores) to preference their own products over ones from third-party sellers. The parliament and member countries have yet to officially adopt the measure, but EU competition chief Margrethe Vestager has said she expects the rules to come into force as soon as October.

Other keynote speakers focused more squarely on the lack of a federal data privacy law in the U.S. Microsoft president Brad Smith pointed out that Microsoft first called for a federal privacy law back in 2005, 17 years ago. “We have to realize that comprehensive privacy legislation for the United States is not just necessary, it is long overdue,” he said. Smith said 120 countries and jurisdictions around the world have enacted privacy laws, have proposed privacy laws, or are considering updates to existing laws.

“The failure of the United States to legislate doesn’t stop global legislation, it doesn’t even slow it down,” Smith said. “It just makes our country less influential in the world.”

The lack of a federal privacy law has allowed big tech companies, such as Google and Meta to, in effect, regulate their own privacy practices. It’s also spurred the states to enact their own privacy laws, creating a patchwork of rules that makes life more difficult for everyone. Smith said he keeps a complicated spreadsheet of each state’s rules and the enforcement bodies that Microsoft must engage with.

On the other hand, the fact that the privacy regulatory debate is happening on the state level actually gives the tech giants an advantage, points out Julia Angwin, a journalist who cofounded The Markup, which covers big tech and the data economy. Angwin says the reason local news outlets have been decimated is because much of their advertising revenue was swallowed by social media. “That’s a bad thing for democracy,” she says. “What’s happening is that this policy is being written in places where people aren’t paying attention . . . the companies that have the most to gain from gaming these laws can easily influence [the wording in] them at the state level.”

Reynders spent most of his keynote talking about the Privacy Shield agreement that the U.S. and the EU just agreed upon after an 18-month negotiation process. The agreement establishes new limits on how U.S. law enforcement can access the personal data of EU citizens stored on the servers of U.S. tech companies. “We now need to finalize the terms of this agreement in principal and translate them into legal text,” Reynders said.

Before the new framework can be put into effect, the Biden Administration will have to pass an executive order, and the EU parliament must review and approve the new terms. “We expect that the new framework could be finalized by the end of this year,” Reynders said.

 

(42)